It connects to the internet via Wi-Fi and has a microphone to record children and send that information off to third-parties for processing before responding with natural language responses. But US security researcher Matt Jakubowski discovered that when connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.

Jakubowski told: “You can take that information and find out a person’s house or business. It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.” Once Jakubowski took control of where the data was sent the snooping possibilities were apparent. The doll only listens in on a conversation when a button is pressed and the recorded audio is encrypted before being sent over the internet, but once a hacker has control of the doll the privacy features could be overridden.

It was the ease with which the doll was compromise that was most concerning. The information stored by the doll could allow hackers to take over a home Wi-Fi network and from there gain access to other internet connected devices, steal personal information and cause other problems for the owners, potentially without their knowledge.

This isn’t the first time that Hello Barbie has been placed under the privacy spotlight. On its release in March privacy campaigners warned that a child’s intimate conversations with their doll were being recorded and analysed and that it should not go on sale. With a Hello Barbie in the hands of a child and carried everywhere they and their parents go, it could be the ultimate in audio surveillance device for miscreant hackers. ToyTalk and Mattel, the manufacturers of Hello Barbie, did not respond to requests for comment.